Security

Your Account Safety

Security and confidentiality of your private information is the #1 concern of RentPayEasy.com. We take extra precautions in protecting it, and ensuring that only those who need to know it – our payment partners – ever receive it. None of the servers or people behind RentPayEasy.com ever get a copy of your credit card number, bank account number, or even your routing number. How is this possible? When you enter your information in the payment or account-verification forms here on RentPayEasy.com, that information is sent directly from your computer or smartphone to our payment partner over a secure channel.

RentPayEasy.com takes fraud very seriously, and our payment partners make use of highly advanced fraud detection and prevention systems. If you suspect that your credit card or bank account has been used without your permission, or if you have any questions about charges made on it, please contact us immediately. Do not email complete card or bank account numbers. We will do our best to help pinpoint any charges you’re concerned with. We will gladly work with banks, credit card issuers, law enforcement agencies, and credit bureaus to fight fraud and increase safety and security for our customers in any way possible.

Security Researchers: Responsible Disclosure

We work carefully at RentPayEasy.com to make our service as secure as absolutely possible. However, we realize that even the very highest-profile, most-secured services may contain some flaws. Per our terms of service, we encourage “white-hat” security researchers to share any findings of possible vulnerabilities or other bugs in our service with us. If you’ve found one, or have experienced a security incident, please let us know by emailing admin -at- rentpayeasy -dot- com right away, with a detailed summary of your findings and a valid email address through which we can reach you if we need more information.

We appreciate the efforts of all who work to make the internet a safer place, and we will not take legal or administrative action against you or your account if you act responsibly. This includes doing your best to keep any sensitive information completely private, and not disrupting the experience of our users or our staff. Though we cannot provide monetary rewards at this time, we will gladly credit you below this notice for any vulnerabilities reported, and include a link to your website.

Please do report:

Persistent/stored XSS

Cross-site request forgery (CSRF)

Broken authentication

Remote code execution

SQL injection

Please do not report:

Self-XSS

Missing SPF, DKIM, or other DNS records

Non-administrative username enumeration

Outdated versions of WordPress or JavaScript libraries/modules without known vulnerabilities

Please note that we can’t provide you a reward if it would be illegal for us to do so, such as if you live in a country under current United States sanctions (e.g. North Korea, Cuba, and Libya).

Hat tip to the knowledgable folks at iFixit and Stripe for their sensible responsible disclosure guidelines, which we have chosen to emulate.